🕵️

Bug Bounty Program

STOP! Security researchers are not eligible.

The Scope

At Visor, we passionately pursue seamless and delightful experiences for our customers. This means that our UX runs smoothly, our integrations are the best in the market, and we have the most robust security. In order to ensure this, we have launched Visor’s Bug Bounty Program, where we reward users for finding any bugs or vulnerabilities within the platform.

Quick Disclosure

Please allow us time to review the bug or vulnerability and rectify it. It might take us a few days to review a finding, and we might have further questions before rewarding a participant for their work.

We require that all submissions remain confidential and are not disclosed to anyone outside of the Visor team. This includes third parties, colleagues, or as part of a review on review sites.

Who is Qualified for the Bug Bounty Program?

Anyone who currently has a Visor account and is an active Visor user can participate in the bug bounty program.

Security researchers who register a Visor account only for the purpose of identifying bugs or vulnerabilities are not eligible under this program.

Where in the Visor Platform

There are three areas of the platform where participants of the Bug Bounty Program can hunt:

  • User Experience: Anywhere within Visor’s front-end system. Participants can hunt for bugs across Visor’s UX.
  • Integrations: Users can hunt for bugs throughout all of Visor’s integration functionalities. This includes integrating with an app, importing, syncing, and editing imported data within the Visor platform.
  • Security: Vulnerabilities that directly or indirectly affect the confidentiality or integrity of user data or privacy.

The scope is limited to the Visor product at https://app.visor.us, and reports may not be submitted by security researchers.

Security researchers are not eligible to be rewarded.

This program is meant to reward real Visor users who encounter bugs during the course of their usage of Visor. We do not want security researchers attempting to find bugs in our production environment. This generates garbage data in our system and may compromise the experience of our customers.

Submitting test data or otherwise attempting to test our rate-limiting features will automatically disqualify you from receiving any award through this program.

If the Visor team determines that your account was created for the exclusive purpose of identifying bugs and claiming rewards from this program, you will not be eligible for the rewards. The Visor team, at their discretion, will determine if your account has enough historic activity to be considered for a reward.

We periodically run programs in a separate staging environment for security researchers via BugCrowd. Please check back again for the date of the next bug bounty expedition.

Bug Requirements

  • The bug should have been encountered during ordinary use of the product — this is not a program for security researchers. New accounts that only demonstrate attempts to identify bugs will not be eligible for this program.
  • A bug should be described for the first time and should not have been reported before. Duplicated issues are not eligible for a reward. If a bug has already been found by a Visor team member or another participant, it will not qualify.
  • A bug report should have a detailed description and scenario for reproduction. A participant can also add a recorded video that demonstrates the bug in question.
  • When writing the description about the bug in the UX or Integrations section, we suggest participants write in the following structure:
    • What I was trying to do
    • What happened
    • What I expected to happen

Where to Report a Bug

When reporting a bug, there are two options for a participant to share their findings with the Visor team:

  • The preferred option is by reporting the bug in the feedback window. This can be accessed when you are logged into your account and click on the feedback button, which is located on the top right corner of your screen. Please note the examples below:
  • The second option is by sending an email to support@visor.us. This email only accepts messages from users with registered accounts.
Security researchers are not eligible to submit bugs to earn rewards. Those who register a Visor account only for the purpose of identifying bugs or vulnerabilities are not eligible under this program. Instead, please consider joining one of our BugCrowd bug bash events.

Rewards for Bounty

Rewards will be paid in Amazon gift cards based on the severity of the bug or vulnerability. Rewards will be decided on a case-by-case basis. Most UX and integration bugs will be worth a $20 bounty. Security vulnerabilities are generally awarded up to $300. Security researchers will not be paid - only real users and customers.

Please note that this program is administered at the sole discretion of the Visor team. These terms are subject to change at any time and without notice.

Let’s Begin the Hunt!